Wireshark

Wireshark is one of the world's foremost network protocol analyzers, and is the standard in many parts of the industry. It is the continuation of a project that started in 1998. Hundreds of developers around the world have contributed to it, and it it still under active development.

Wireshark has a rich feature set which includes the following:

• Standard three-pane packet browser
• Multi-platform: Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many others
• Multi-interface: Along with a standard GUI, Wireshark includes TShark, a text-mode analyzer which is useful for remote capture, analysis, and scripting
• The most powerful display filters in the industry
• VoIP analysis
• Live capture and offline analysis are supported
• Read/write many different capture file formats: tcpdump (libpcap), NAI's Sniffer (compressed and uncompressed), Sniffer Pro, NetXray, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, Visual Networks' Visual UpTime and many others
• Capture files compressed with gzip can be decompressed on the fly
• Hundreds of protocols are supported, with more being added all the time
• Coloring rules can be applied to the packet list, which eases analysis

Bug Fixes

The following vulnerabilities have been fixed:

• The 6LoWPAN dissector could crash
• The P_MUL dissector could crash
• The RTSE dissector and other dissectors could crash
• The ISAKMP dissector could crash

The following bugs have been fixed:

• console.lua not found in a folder with non-ASCII characters in its name
• Disabling Update list of packets in real time. will generally trigger crash after three start capture, stop capture cycles
• UDP Multicast Stream double counts
• text2pcap et al. set snaplength to 64kiB-1, while processing frames of 256kiB
• Builds without libpcap fail if the libpcap headers aren’t installed
• TCAP AnalogRedirectRecord parameter incorrectly coded as mandatory in QualReq_rr message
• macOS DMG appears to have duplicate files
• Wireshark jumps behind other windows when opening UAT dialogs
• Executing -z http,stat -r file.pcapng throws a segmentation fault
• IS-41 TCAP RegistrationNotification Invoke has borderCellAccess parameter coded as tag 50 (as denyAccess) but should be 58
• In DNS statistics, response times > 1 sec not included
• GTPv2 APN dissect problem

Updated Protocol Support:

• 6LoWPAN, ANSI MAP, DNP3, DNS, GSM A, GTP, GTPv2, IMF, ISAKMP, ISObus VT, Kerberos, P_MUL, RTSE, S7COMM, and TCAP